
Video: How to Defeat Shoulder-surfing Hackers

23 August 2017

The differences of the keyboard technology at various distances. Source: NYU Tandon

In today’s age of cybercriminals gathering our personal information from a variety of hacks, it isn’t that surprising that people are a bit more wary than they used to be when entering their PIN codes or account numbers when someone is standing behind them.

Researchers at NYU Tandon School of Engineering have developed an application that may help in fending off tactics such as “shoulder-surfing,” where someone peers at you from behind or through a video camera.

The method, called IllusionPIN, deploys a hybrid-image keyboard that appears one way to the close-up user and differently to an observer at a distance of three feet or greater. The technology uses one image of a keyboard configuration with high spatial frequency and a second, completely different keyboard with low spatial frequency. The visibility of each keyboard is dependent on the distance from where it is viewed.
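The hybrid-image idea in a minimal form, as an added example that is not the researchers' code: it builds one image from the fine detail of the user's keypad and the coarse content of a decoy keypad, then measures which keypad each viewer's image resembles. The 3x5 font, the one-row layouts, the Gaussian filters, the sigma values and the two viewing models (fine detail for close-up, blur for distance) are all assumptions made for illustration.

```python
import math

# 3x5 bitmap digits 0-9, row-major (font constructed for this example)
FONT = ["111101101101111", "010110010010111", "111001111100111", "111001111001111",
        "101101111001001", "111100111001111", "111100111101111", "111001001001001",
        "111101111101111", "111101111001111"]
SCALE = 6  # screen pixels per font pixel

def render(layout):
    """Draw a one-row keypad: each key is a 5x7 font cell (3x5 glyph plus border)."""
    img = [[0.0] * (5 * SCALE * len(layout)) for _ in range(7 * SCALE)]
    for key, digit in enumerate(layout):
        for i, bit in enumerate(FONT[digit]):
            if bit == "1":
                r0, c0 = (1 + i // 3) * SCALE, (5 * key + 1 + i % 3) * SCALE
                for r in range(r0, r0 + SCALE):
                    img[r][c0:c0 + SCALE] = [1.0] * SCALE
    return img

def blur(img, sigma):
    """Separable Gaussian low-pass filter with clamped edges."""
    rad = math.ceil(3 * sigma)
    k = [math.exp(-i * i / (2 * sigma * sigma)) for i in range(-rad, rad + 1)]
    total = sum(k)
    def rows(m):
        n = len(m[0])
        return [[sum(w * row[min(max(c + j - rad, 0), n - 1)] for j, w in enumerate(k)) / total
                 for c in range(n)] for row in m]
    transpose = lambda m: [list(col) for col in zip(*m)]
    return transpose(rows(transpose(rows(img))))

def sub(a, b):
    return [[x - y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]

def corr(a, b):
    """Pearson correlation between two images of equal size."""
    x, y = [v for r in a for v in r], [v for r in b for v in r]
    mx, my = sum(x) / len(x), sum(y) / len(y)
    num = sum((p - mx) * (q - my) for p, q in zip(x, y))
    return num / math.sqrt(sum((p - mx) ** 2 for p in x) * sum((q - my) ** 2 for q in y))

def who_sees_what(user_layout, decoy_layout, sigma=1.0, far_sigma=3.0):
    user, decoy = render(user_layout), render(decoy_layout)
    # hybrid = high-pass(user) + low-pass(decoy) = user - blur(user - decoy)
    hybrid = sub(user, blur(sub(user, decoy), sigma))
    detail = lambda m: sub(m, blur(m, sigma))   # assumed model of close-up viewing
    distant = lambda m: blur(m, far_sigma)      # assumed model of viewing from afar
    near, far = detail(hybrid), distant(hybrid)
    return {"near_user": corr(near, detail(user)), "near_decoy": corr(near, detail(decoy)),
            "far_user": corr(far, distant(user)), "far_decoy": corr(far, distant(decoy))}

USER, DECOY = [3, 8, 1, 6, 0, 9, 4, 7, 2, 5], [5, 1, 8, 2, 7, 4, 9, 0, 6, 3]  # constructed
```

Calling `who_sees_what(USER, DECOY)` returns four correlations; the fine-detail view should track the user's layout and the blurred view the decoy's.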

"The traditional configuration of numbers on a keypad is so familiar that it's possible for an observer to discern a PIN or access code after several viewings of surveillance video," says Nasir Memon, professor of computer science and engineering at NYU Tandon. "On a device running IllusionPIN, the user—who is closest to the device—sees one configuration of numbers, but someone looking from a distance sees a completely different keypad."

The IllusionPIN even reconfigures the keypad for each authentication or login attempt.

Researchers ran a series of shoulder-surfing attacks on smartphones to test the technology's effectiveness at various distances. Out of the 84 attempted attacks on 21 users, none were successful. For comparison, they mounted 21 shoulder-surfing attacks on unprotected phones using the same distance parameters. All 21 attacks were successful. Researchers indicate the IllusionPIN technology made it nearly impossible to steal a PIN or other sensitive information using surveillance footage.

"PIN authentication is popular for good reasons, namely that it is easy to use and to remember," Memon says. "Our goal was to increase the resilience of PIN authentication without straining the device or compromising user experience."

The full research can be found in the IEEE Xplore Digital Library.

To contact the author of this article, email PBrown@globalspec.com
